Charts CI

```
Updated:
  kasten/k10:
    - 6.5.12
```

charts/kasten/k10/Chart.lock

@@ -4,6 +4,6 @@ dependencies:
   version: 7.3.2
 - name: prometheus
   repository: ""
-  version: 25.12.0
-digest: sha256:f3e6926f6a711f61ab0e6598105cbee8806113bb02992529f05c3645fe99161c
-generated: "2024-04-06T01:13:26.749949259Z"
+  version: 25.18.0
+digest: sha256:e35117c8aba9f6bde24ae45b5e05b0342b03029dfb2676236c389572cc502066
+generated: "2024-04-20T03:47:20.475656567Z"

charts/kasten/k10/Chart.yaml

@@ -4,7 +4,7 @@ annotations:
   catalog.cattle.io/kube-version: '>= 1.17.0-0'
   catalog.cattle.io/release-name: k10
 apiVersion: v2
-appVersion: 6.5.11
+appVersion: 6.5.12
 dependencies:
 - condition: grafana.enabled
   name: grafana
@@ -13,12 +13,12 @@ dependencies:
 - condition: prometheus.server.enabled
   name: prometheus
   repository: file://./charts/prometheus
-  version: 25.12.0
+  version: 25.18.0
 description: Kasten’s K10 Data Management Platform
 home: https://kasten.io/
 icon: https://docs.kasten.io/_static/logo-kasten-k10-blue-white.png
 maintainers:
 - email: [email protected]
   name: kastenIO
 name: k10
-version: 6.5.1101
+version: 6.5.1201

charts/kasten/k10/README.md

@@ -69,13 +69,22 @@ Parameter | Description | Default
 `serviceAccount.create`| Specifies whether a ServiceAccount should be created | `true`
 `serviceAccount.name` | The name of the ServiceAccount to use. If not set, a name is derived using the release and chart names. | `None`
 `ingress.create` | Specifies whether the K10 dashboard should be exposed via ingress | `false`
+`ingress.name` | Optional name of the Ingress object for the K10 dashboard. If not set, the name is formed using the release name. | `{Release.Name}-ingress`
 `ingress.class` | Cluster ingress controller class: `nginx`, `GCE` | `None`
 `ingress.host` | FQDN (e.g., `k10.example.com`) for name-based virtual host | `None`
 `ingress.urlPath` | URL path for K10 Dashboard (e.g., `/k10`) | `Release.Name`
+`ingress.pathType` | Specifies the path type for the ingress resource | `ImplementationSpecific`
 `ingress.annotations` | Additional Ingress object annotations | `{}`
 `ingress.tls.enabled` | Configures a TLS use for `ingress.host` | `false`
 `ingress.tls.secretName` | Specifies a name of TLS secret | `None`
-`ingress.pathType` | Specifies the path type for the ingress resource | `ImplementationSpecific`
+`ingress.defaultBackend.service.enabled` | Configures the default backend backed by a service for the K10 dashboard Ingress (mutually exclusive setting with `ingress.defaultBackend.resource.enabled`). | `false`
+`ingress.defaultBackend.service.name` | The name of a service referenced by the default backend (required if the service-backed default backend is used). | `None`
+`ingress.defaultBackend.service.port.name` | The port name of a service referenced by the default backend (mutually exclusive setting with port `number`, required if the service-backed default backend is used). | `None`
+`ingress.defaultBackend.service.port.number` | The port number of a service referenced by the default backend (mutually exclusive setting with port `name`, required if the service-backed default backend is used). | `None`
+`ingress.defaultBackend.resource.enabled` | Configures the default backend backed by a resource for the K10 dashboard Ingress (mutually exclusive setting with `ingress.defaultBackend.service.enabled`). | `false`
+`ingress.defaultBackend.resource.apiGroup` | Optional API group of a resource backing the default backend. | `''`
+`ingress.defaultBackend.resource.kind` | The type of a resource being referenced by the default backend (required if the resource default backend is used). | `None`
+`ingress.defaultBackend.resource.name` | The name of a resource being referenced by the default backend (required if the resource default backend is used). | `None`
 `global.persistence.size` | Default global size of volumes for K10 persistent services  | `20Gi`
 `global.persistence.catalog.size` | Size of a volume for catalog service  | `global.persistence.size`
 `global.persistence.jobs.size` | Size of a volume for jobs service  | `global.persistence.size`
@@ -99,6 +108,7 @@ Parameter | Description | Default
 `secrets.azureTenantId` | Azure tenant ID (required for Azure deployment) | `None`
 `secrets.azureClientId` | Azure Service App ID | `None`
 `secrets.azureClientSecret` | Azure Service APP secret | `None`
+`secrets.azureClientSecretName` | The secret that contains ClientID, ClientSecret and TenantID for Azure | `None`
 `secrets.azureResourceGroup` | Resource Group name that was created for the Kubernetes cluster | `None`
 `secrets.azureSubscriptionID` | Subscription ID in your Azure tenant | `None`
 `secrets.azureResourceMgrEndpoint` | Resource management endpoint for the Azure Stack instance | `None`
@@ -194,6 +204,10 @@ Parameter | Description | Default
 `gateway.resources.[requests\|limits].[cpu\|memory]` | Resource requests and limits for gateway pod | `{}`
 `gateway.service.externalPort` | Specifies the gateway services external port | `80`
 `genericVolumeSnapshot.resources.[requests\|limits].[cpu\|memory]` | Resource requests and limits for Generic Volume Snapshot restore pods | `{}`
+`multicluster.enabled` | Choose whether to enable the multi-cluster system components and capabilities | `true`
+`multicluster.primary.create` | Choose whether to setup cluster as a multi-cluster primary | `false`
+`multicluster.primary.name` | Primary cluster name | `''`
+`multicluster.primary.ingressURL` | Primary cluster dashboard URL | `''`
 `prometheus.k10image.registry` | (optional) Set Prometheus image registry. | `gcr.io`
 `prometheus.k10image.repository` | (optional) Set Prometheus image repository. | `kasten-images`
 `prometheus.rbac.create` | (optional) Whether to create Prometheus RBAC configuration. Warning - this action will allow prometheus to scrape pods in all k8s namespaces | `false`
@@ -239,6 +253,7 @@ Parameter | Description | Default
 `limiter.genericVolumeRestores` | Limit of concurrent generic volume snapshot restore operations | `10`
 `limiter.csiSnapshots` | Limit of concurrent CSI snapshot create operations | `10`
 `limiter.providerSnapshots` | Limit of concurrent cloud provider create operations | `10`
+`limiter.imageCopies` | Limit of concurrent image copy operations | `10`
 `cluster.domainName` | Specifies the domain name of the cluster | `cluster.local`
 `kanister.backupTimeout` | Specifies timeout to set on Kanister backup operations | `45`
 `kanister.restoreTimeout` | Specifies timeout to set on Kanister restore operations | `600`
@@ -265,6 +280,7 @@ Parameter | Description | Default
 `forceRootInKanisterHooks` | Forces Kanister Execution Hooks to run with root privileges | `true`
 `defaultPriorityClassName` | Specifies the default [priority class](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass) name for all K10 deployments and ephemeral pods | `None`
 `priorityClassName.<deploymentName>` | Overrides the default [priority class](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass) name for the specified deployment | `{}`
+`ephemeralPVCOverhead` | Set the percentage increase for the ephemeral Persistent Volume Claim's storage request, e.g. PVC size = (file raw size) * (1 + `ephemeralPVCOverhead`) | `0.1`
 
 ## Helm tips and tricks
 

charts/kasten/k10/charts/prometheus/Chart.yaml

@@ -6,24 +6,24 @@ annotations:
     - name: Upstream Project
       url: https://github.com/prometheus/prometheus
 apiVersion: v2
-appVersion: v2.49.1
+appVersion: v2.51.0
 dependencies:
 - condition: alertmanager.enabled
   name: alertmanager
   repository: https://prometheus-community.github.io/helm-charts
-  version: 1.7.*
+  version: 1.10.*
 - condition: kube-state-metrics.enabled
   name: kube-state-metrics
   repository: https://prometheus-community.github.io/helm-charts
-  version: 5.16.*
+  version: 5.17.*
 - condition: prometheus-node-exporter.enabled
   name: prometheus-node-exporter
   repository: https://prometheus-community.github.io/helm-charts
-  version: 4.26.*
+  version: 4.31.*
 - condition: prometheus-pushgateway.enabled
   name: prometheus-pushgateway
   repository: https://prometheus-community.github.io/helm-charts
-  version: 2.6.*
+  version: 2.8.*
 description: Prometheus is a monitoring system and time series database.
 home: https://prometheus.io/
 icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png
@@ -50,4 +50,4 @@ sources:
 - https://github.com/prometheus/node_exporter
 - https://github.com/kubernetes/kube-state-metrics
 type: application
-version: 25.12.0
+version: 25.18.0

charts/kasten/k10/charts/prometheus/OWNERS

@@ -0,0 +1,6 @@
+approvers:
+- mgoodness
+- gianrubio
+reviewers:
+- mgoodness
+- gianrubio

charts/kasten/k10/charts/prometheus/README.md

@@ -334,7 +334,6 @@ To manually setup RBAC you need to set the parameter `rbac.create=false` and spe
 > **Tip**: You can refer to the default `*-clusterrole.yaml` and `*-clusterrolebinding.yaml` files in [templates](templates/) to customize your own.
 
 ### ConfigMap Files
-
 AlertManager is configured through [alertmanager.yml](https://prometheus.io/docs/alerting/configuration/). This file (and any others listed in `alertmanagerFiles`) will be mounted into the `alertmanager` pod.
 
 Prometheus is configured through [prometheus.yml](https://prometheus.io/docs/operating/configuration/). This file (and any others listed in `serverFiles`) will be mounted into the `server` pod.

charts/kasten/k10/charts/prometheus/charts/alertmanager/Chart.yaml

@@ -4,7 +4,7 @@ annotations:
     - name: Chart Source
       url: https://github.com/prometheus-community/helm-charts
 apiVersion: v2
-appVersion: v0.26.0
+appVersion: v0.27.0
 description: The Alertmanager handles alerts sent by client applications such as the
   Prometheus server.
 home: https://prometheus.io/
@@ -21,4 +21,4 @@ name: alertmanager
 sources:
 - https://github.com/prometheus/alertmanager
 type: application
-version: 1.7.0
+version: 1.10.0

charts/kasten/k10/charts/prometheus/charts/alertmanager/templates/services.yaml

@@ -13,6 +13,10 @@ metadata:
   {{- end }}
   namespace: {{ include "alertmanager.namespace" . }}
 spec:
+  {{- if .Values.service.ipDualStack.enabled }}
+  ipFamilies: {{ toYaml .Values.service.ipDualStack.ipFamilies | nindent 4 }}
+  ipFamilyPolicy: {{ .Values.service.ipDualStack.ipFamilyPolicy }}
+  {{- end }}
   type: {{ .Values.service.type }}
   {{- with .Values.service.loadBalancerIP }}
   loadBalancerIP: {{ . }}

charts/kasten/k10/charts/prometheus/charts/alertmanager/templates/statefulset.yaml

@@ -12,6 +12,7 @@ metadata:
   namespace: {{ include "alertmanager.namespace" . }}
 spec:
   replicas: {{ .Values.replicaCount }}
+  minReadySeconds: {{ .Values.minReadySeconds }}
   revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
   selector:
     matchLabels:

charts/kasten/k10/charts/prometheus/charts/alertmanager/values.yaml

@@ -114,6 +114,12 @@ service:
   # Optionally specify extra list of additional ports exposed on both services
   extraPorts: []
 
+  # ip dual stack
+  ipDualStack:
+    enabled: false
+    ipFamilies: ["IPv6", "IPv4"]
+    ipFamilyPolicy: "PreferDualStack"
+
 # Configuration for creating a separate Service for each statefulset Alertmanager replica
 #
 servicePerReplica:
@@ -235,6 +241,13 @@ topologySpreadConstraints: []
 statefulSet:
   annotations: {}
 
+## Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to
+## be considered available. Defaults to 0 (pod will be considered available as soon as it is ready).
+## This is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds
+## feature gate.
+## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#minimum-ready-seconds
+minReadySeconds: 0
+
 podAnnotations: {}
 podLabels: {}
 

charts/kasten/k10/charts/prometheus/charts/kube-state-metrics/Chart.yaml

@@ -4,7 +4,7 @@ annotations:
     - name: Chart Source
       url: https://github.com/prometheus-community/helm-charts
 apiVersion: v2
-appVersion: 2.10.1
+appVersion: 2.11.0
 description: Install kube-state-metrics to generate and expose cluster-level metrics
 home: https://github.com/kubernetes/kube-state-metrics/
 keywords:
@@ -23,4 +23,4 @@ name: kube-state-metrics
 sources:
 - https://github.com/kubernetes/kube-state-metrics/
 type: application
-version: 5.16.0
+version: 5.17.0

charts/kasten/k10/charts/prometheus/charts/kube-state-metrics/templates/deployment.yaml

@@ -115,10 +115,10 @@ spec:
         {{- if .Values.selfMonitor.telemetryPort }}
         - --telemetry-port={{ $telemetryPort }}
         {{- end }}
+        {{- end }}
         {{- if .Values.customResourceState.enabled }}
         - --custom-resource-state-config-file=/etc/customresourcestate/config.yaml
         {{- end }}
-        {{- end }}
         {{- if or (.Values.kubeconfig.enabled) (.Values.customResourceState.enabled) (.Values.volumeMounts) }}
         volumeMounts:
         {{- if .Values.kubeconfig.enabled }}
@@ -149,7 +149,7 @@ spec:
         livenessProbe:
           failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
           httpGet:
-            {{- if .Values.kubeRBACProxy.enabled }}
+            {{- if .Values.hostNetwork }}
             host: 127.0.0.1
             {{- end }}
             httpHeaders:
@@ -167,7 +167,7 @@ spec:
         readinessProbe:
           failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
           httpGet:
-            {{- if .Values.kubeRBACProxy.enabled }}
+            {{- if .Values.hostNetwork }}
             host: 127.0.0.1
             {{- end }}
             httpHeaders:

charts/kasten/k10/charts/prometheus/charts/kube-state-metrics/values.yaml

@@ -37,7 +37,10 @@ autosharding:
 
 replicas: 1
 
-# Change the deployment strategy when autosharding is disabled
+# Change the deployment strategy when autosharding is disabled.
+# ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
+# The default is "RollingUpdate" as per Kubernetes defaults.
+# During a release, 'RollingUpdate' can lead to two running instances for a short period of time while 'Recreate' can create a small gap in data.
 # updateStrategy: Recreate
 
 # Number of old history to retain to allow rollback
@@ -108,7 +111,12 @@ kubeRBACProxy:
   ## Specify security settings for a Container
   ## Allows overrides and additional options compared to (Pod) securityContext
   ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
-  containerSecurityContext: {}
+  containerSecurityContext:
+    readOnlyRootFilesystem: true
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop:
+      - ALL
 
   resources: {}
     # We usually recommend not to specify default resources and to leave this as a conscious
@@ -245,6 +253,7 @@ securityContext:
 ## Allows overrides and additional options compared to (Pod) securityContext
 ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
 containerSecurityContext:
+  readOnlyRootFilesystem: true
   allowPrivilegeEscalation: false
   capabilities:
     drop:

charts/kasten/k10/charts/prometheus/charts/prometheus-node-exporter/Chart.yaml

@@ -22,4 +22,4 @@ name: prometheus-node-exporter
 sources:
 - https://github.com/prometheus/node_exporter/
 type: application
-version: 4.26.0
+version: 4.31.0

charts/kasten/k10/charts/prometheus/charts/prometheus-node-exporter/templates/_helpers.tpl

@@ -183,3 +183,20 @@ labelNameLengthLimit: {{ . }}
 labelValueLengthLimit: {{ . }}
 {{- end }}
 {{- end }}
+
+{{/* Sets sidecar volumeMounts */}}
+{{- define "prometheus-node-exporter.sidecarVolumeMounts" -}}
+{{- range $_, $mount := $.Values.sidecarVolumeMount }}
+- name: {{ $mount.name }}
+  mountPath: {{ $mount.mountPath }}
+  readOnly: {{ $mount.readOnly }}
+{{- end }}
+{{- range $_, $mount := $.Values.sidecarHostVolumeMounts }}
+- name: {{ $mount.name }}
+  mountPath: {{ $mount.mountPath }}
+  readOnly: {{ $mount.readOnly }}
+{{- if $mount.mountPropagation }}
+  mountPropagation: {{ $mount.mountPropagation }}
+{{- end }}
+{{- end }}
+{{- end }}